Renato Renner and Robert Koenig

Privacy amplification is the art of shrinking a partially secret
string Z to a highly secret key S. We show that, even if an
adversary holds quantum information about the initial string Z,
the key S obtained by two-universal hashing is secure, according
to a universally composable security definition. Additionally, we
give an asymptotically optimal lower bound on the length of the
extractable key S in terms of the adversary's (quantum) knowledge
about S. Our result has applications in quantum cryptography. In
particular, it implies that many of the known quantum key
distribution protocols are universally composable.
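
As an added illustration (not code from the paper), the sketch below shrinks a string Z to a key S with one concrete two-universal family, Toeplitz matrices over GF(2), and checks the two-universal collision bound exhaustively for small sizes. The choice of Toeplitz hashing, the function names, and the toy parameters are assumptions made here; the output length is passed in as a parameter and is not derived from the paper's bound.

```python
import secrets
from itertools import product

def toeplitz_hash(z_bits, seed_bits, out_len):
    """Return S = T*Z over GF(2); T is the out_len x n Toeplitz matrix given by seed_bits."""
    n = len(z_bits)
    if len(seed_bits) != n + out_len - 1:
        raise ValueError("seed must have n + out_len - 1 bits")
    key = []
    for i in range(out_len):
        bit = 0
        for j in range(n):
            # Toeplitz structure: entry (i, j) depends only on i - j.
            bit ^= seed_bits[i - j + n - 1] & z_bits[j]
        key.append(bit)
    return key

def collision_count(z1, z2, out_len):
    """Count the seeds under which z1 and z2 hash to the same key (exhaustive)."""
    n = len(z1)
    return sum(
        toeplitz_hash(z1, seed, out_len) == toeplitz_hash(z2, seed, out_len)
        for seed in product((0, 1), repeat=n + out_len - 1)
    )

def is_two_universal(n, out_len):
    """Check Pr_seed[h(z1) == h(z2)] <= 2^-out_len for every pair z1 != z2."""
    total_seeds = 2 ** (n + out_len - 1)
    bound = total_seeds // 2 ** out_len
    inputs = list(product((0, 1), repeat=n))
    return all(
        collision_count(a, b, out_len) <= bound
        for idx, a in enumerate(inputs)
        for b in inputs[idx + 1:]
    )

if __name__ == "__main__":
    n, out_len = 16, 4  # constructed toy sizes, far too small for real use
    z = [secrets.randbits(1) for _ in range(n)]                    # partially secret Z
    seed = [secrets.randbits(1) for _ in range(n + out_len - 1)]   # public random seed
    print("S =", toeplitz_hash(z, seed, out_len))
    print("two-universal for n=4, out_len=2:", is_two_universal(4, 2))
```

The seed selects the hash function and may be public; only Z and the resulting S are meant to stay secret.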